CipherTrust Tool Puts Spammers Under Quarantine

The company's Connection Control technology notes the IP addresses of the worst e-mail abusers and then blocks them for a period of time. Its second line of defense involves gobbling up spammers' bandwidth.

Messaging security vendor CipherTrust Inc. on Monday released a new component of its IronMail appliances designed to stop spam messages before they get to customers networks.
Known as Connection Control, the technology relies on the companys Spam Profiler system to identify the IP addresses of the most egregious e-mail abusers. It does this through the use of a scoring index that assigns incoming messages a score of zero to 100, based on the likelihood that theyre spam.
If a particular IP address racks up too many messages with scores of 100, the system drops connection attempts from those machines for a period of time, typically a few days.

After the quarantine period is up, IronMail begins accepting connections from the blocked IP addresses, but will drop them again if they begin sending spam.

Most spammers use rotating groups of proxies to send their messages and often will simply move on to another one if a particular IP address is blackholed. But that technique will be of little use against systems such as Connection Control that can quickly identify machines being used as bulk mailers and ignore them.
"Basically whats happening is that each IronMail appliance is developing its own reputation service," said Matt Anthony, director of marketing at CipherTrust, based in Atlanta. "Its much more precise than having one service for everyone."
Connection Control also has a second line of defense. Instead of simply dropping connections from spammers, it also can accept those connections and then simply slow them to a crawl, gobbling up the spammers bandwidth. This renders that particular proxy all but useless because the name of the game for spammers is sending out as many messages as possible in the shortest amount of time.
Click here to read about CipherTrusts IronMail Privacy Architecture, which lets users choose from among three types of encryption.
For enterprises that receive millions of e-mails a day, weeding out large amounts of spam can make a major difference in the performance of their networks and their bandwidth costs.
"We have about 50,000 mailboxes and get about 40 million messages a day. We needed something that could protect us at the edge without letting the bad stuff get to the network," said Franklin Warlick, messaging system administrator at Cox Communications Inc., also based in Atlanta.
"We had to have something to make the executives happy, and this was it. We havent seen any false positives at all."
Warlick said Connection Control blocked nearly 4,000 individual IP addresses the first night that it was installed on Coxs internal network. The companys total mail volume dropped by about 40 percent.
Connection Control is available now as an upgrade to IronMail boxes.
Check out eWEEK.coms Messaging & Collaboration Center at http://messaging.eweek.com for more on IM and other collaboration technologies.